Personal data belonging to 533 million
Facebook users has once again found itself leaked online, this time for free, which potentially opens it up to a lot more malicious eyeballs. That's not a good thing, obviously. In response, Facebook finds itself in damage control, posting the same tone-deaf response to multiple Twitter posts pointing to the leak.
"This is old data that was previously reported on in 2019. We found and fixed this issue in 2019," Liz Bourgeois, Facebook's Director of Strategic Communications, posted several times in response to tweets linking to articles on the situation.
We count at least five tweets with the same cringe-worthy response. It is true that it has been around 19 months since hackers scraped the personal data, which includes Facebook IDs, full names, phone numbers, locations, dates of birth, biographies, and email addresses, according to what Facebook told Business Insider. Facebook also says it patched the vulnerability that made the data theft possible.
That is all fine and dandy, but up until now, the leaked data was only available to people who were willing to pay for the information—a
sinister Telegram bot was discovered advertising the data for $20 a pop. Not anymore. Someone has posted the leaked data containing personal information belonging to hundreds of millions of Facebook users completely free of charge on a hacking forum.
The fact that the data was stolen two years ago is of little consequence, given that much of the information is still the same and relevant today. Armed with that information, a malicious actor could target individuals with personalized phishing schemes and other forms of fraud.
This has not been lost on Twitter users, who have called out Facebook for how it is handling the situation. One user sarcastically wrote, "How do I change my birth?," while another asked how exactly Facebook has "fixed" the situation, noting that "clearly the data is still out there."
Instead of posting the same dismissive response, Facebook's PR team should be focused on apologizing for the data fumble, regardless of the fact that it occurred in August 2019. It's not really "old data," in the sense that dates of birth do not change over time. Names, locations, and email addresses can change, but that is not always the case, particularly when you are talking about a time span is that barely more than a year and a half.
This should be old hat for Facebook by now, unfortunately—this is not the privacy screw-up. The
Cambridge Analytica scandal comes to mind, which resulted in Mark Zuckerberg testifying before Congress.